>I've tried the bounce and hold on some of the most common ones that
>Declude says is almost 100% spam.. and I still get many complaints from
>my sites that mail is getting blocked / bounced, etc. So I'm forced to
>go back to all WARN ..
Well, you first need to decide what your position will be on spam and spam-friendly mail servers. I would not recommend blocking mail from open relays, or mail servers with no reverse DNS entry, as there are just too many out there. Although those are signs of a poorly run mail server, legitimate mail will often come from them.

On the other hand, how do you want to treat broken mail? About 1/2 of all spam has broken mail headers -- headers that violate the RFCs, and are likely to get lost on mail servers or mail clients. If 1 out of 500 legitimate E-mails has broken mail headers, is it worth blocking that 1 E-mail (using the BADHEADERS test) in order to stop 1/2 of your spam? In many cases, that E-mail would get lost other places (or simply deleted), so it isn't a big loss.

But, the best way to catch spam with Declude is using the new weighting system in the latest release. Using the weighting system, you'll only catch E-mail that fails multiple tests, which offers a much better balance. That way, that E-mail with the broken headers could be allowed through a well maintained mail server, but would get caught if both the mail client was broken and the mail server was poorly set up. By only tagging E-mail as spam if it fails multiple tests, you reduce the false positives, and the only legitimate mail that will get caught is mail that fails multiple tests (so you can easily explain, if needed, that there were serious problems with the mail anyways).

You may also want to go to http://www.declude.com/spamtrap.htm which shows the most recent 20 E-mails received in our spamtraps, at which test(s) they failed (along with the total weight, for our new weighting system). http://www.declude.com/junkmail/support/ip4r.htm shows a list of all known DNS-based spam tests, with some information about them.
Also, the Message Sniffer from http://www.sortmonster.com is worth looking into, as it will analyze the body of the E-mail (the content) rather than analyzing the mail server and mail client and how the mail was put together.

I would highly recommend that you join the Declude JunkMail mailing list (by sending E-mail to [EMAIL PROTECTED] with "subscribe declude.junkmail Your Name" in the message body), which is the best place to ask about Declude JunkMail settings.

>The question is does anyone support multiple sites (ISP) or mail
>provider that has got this product working successfully.?? If so could
>you share some of the setups that you have please... I've worked with
>Scott a few times, and seem to get only real general answers. I'm
>looking for some tried settings that work. Or is there such a thing ?

There isn't -- because every system is unique (IE one company versus an ISP versus free web mail, and so on), and each system has its own "spam profile" (the type of spam it receives based on how long the domain has been around, how popular it is, where the addresses are found, how much solicited commercial E-mail is received, etc.). The most important factor is the tolerance for spam -- IE would you rather catch almost all spam while occasionally catching a valid E-mail, or would you rather receive somewhat more spam but have little if any legitimate E-mail get caught?

We recommend the BADHEADERS test because it can't catch any legitimate mail -- it just catches spam and E-mail with broken headers (which should never be sent from a legitimate mail client). The MAILFROM is also useful, as it will catch a fair bit of spam, but won't catch any legitimate mail (except if the mail client is broken, or seriously misconfigured). But the other tests that you run depend on your unique situation. For example, are you willing to block all mail from msn.com because they don't have a valid abuse@ account (which is required)?
Most people aren't willing to fight msn.com, but a few people are.

To get the optimum settings for you, you'll need to spend some time reviewing the various tests, deciding which are right for you, *and* how to handle them (do you want to delete or quarantine them, so end users never see them? Do you want to add a warning header so the recipient can filter them?).

Unfortunately, unlike virus control (which is nearly an exact science), spam control isn't cut and dry. It requires some thinking as to what will be best in your situation, and some trial and error.

-Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for IMail. http://www.declude.com
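The weighting idea described in the reply above, as an added example that is not part of the original post and is not Declude's code or configuration: each failed test contributes a weight, and only the combined total triggers WARN or HOLD. The weights, thresholds, the simplified header and sender checks, and the test labels NOREVDNS and OPENRELAY are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed weights and thresholds for illustration; not Declude's defaults.
# BADHEADERS and MAILFROM are named in the post; NOREVDNS and OPENRELAY are
# hypothetical labels for the reverse-DNS and open-relay signals it mentions.
WEIGHTS = {"BADHEADERS": 8, "MAILFROM": 8, "NOREVDNS": 4, "OPENRELAY": 5}
WARN_AT, HOLD_AT = 10, 15

MSGID_RE = re.compile(r"<[^<>@\s]+@[^<>@\s]+>")
DOMAIN_RE = re.compile(r"([a-z0-9-]+\.)+[a-z]{2,}", re.I)

def bad_headers(raw):
    """Simplified stand-in: Date/From missing, or Message-ID malformed."""
    msg = message_from_string(raw)
    if not msg["Date"] or not msg["From"]:
        return True
    msgid = msg["Message-ID"]
    return msgid is not None and not MSGID_RE.fullmatch(msgid.strip())

def bad_mailfrom(sender):
    """Envelope sender lacks a well-formed domain ("" is the null sender)."""
    if sender == "":
        return False
    local, _, domain = parseaddr(sender)[1].rpartition("@")
    return not (local and DOMAIN_RE.fullmatch(domain))

def verdict(raw, sender, has_rdns, open_relay):
    """Return (failed tests, total weight, action) for one message."""
    hits = {"BADHEADERS": bad_headers(raw), "MAILFROM": bad_mailfrom(sender),
            "NOREVDNS": not has_rdns, "OPENRELAY": open_relay}
    failed = [name for name, hit in hits.items() if hit]
    total = sum(WEIGHTS[name] for name in failed)
    action = "HOLD" if total >= HOLD_AT else "WARN" if total >= WARN_AT else "DELIVER"
    return failed, total, action

# Constructed sample messages (not real mail).
NO_DATE = "From: bob@example.org\nSubject: invoice\n\nSee attached.\n"
CLEAN = ("From: amy@example.net\nDate: Mon, 01 Jan 2001 10:00:00 -0000\n"
         "Message-ID: <1@mx.example.net>\nSubject: hi\n\nHello.\n")

if __name__ == "__main__":
    # Broken client, well-run server: one failed test, delivered.
    print(verdict(NO_DATE, "bob@example.org", True, False))
    # Clean mail, poorly run server: two weak signals, still delivered.
    print(verdict(CLEAN, "amy@example.net", False, True))
    # Broken client and poorly run server together: held.
    print(verdict(NO_DATE, "promo@localhost", False, True))
```

With these assumed numbers, a single failed test never reaches the WARN threshold, which is the balance the reply describes.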
